From 589dae7f8fac68a7d2a219887c40621f2d6aeaf7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Mon, 23 May 2022 19:54:14 +0000 Subject: [PATCH] override-{a3,other,xd}: Regular batch of various overrides MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Müller --- overrides/override-a3.txt | 5 +++ overrides/override-other.txt | 65 ++++++++++++++++++++++++++++++------ overrides/override-xd.txt | 27 +++------------ 3 files changed, 65 insertions(+), 32 deletions(-) diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 87bd07e..a12b2e1 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -303,6 +303,11 @@ descr: Mainloop AB remarks: Generic anycast network is-anycast: yes +aut-num: AS202920 +descr: DataClub S.A. +remarks: Generic anycast network +is-anycast: yes + aut-num: AS203391 descr: Cloud DNS Ltd remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index f53e6eb..a6a0282 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -403,6 +403,11 @@ descr: Institute for Research in Fundamental Sciences remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage country: IR +aut-num: AS58057 +descr: iFog GmbH +remarks: location pinning to CH due to massive RIR data tampering +country: CH + aut-num: AS34933 descr: PP Aleksandr Tatarets remarks: ... hosted out of DE @@ -833,6 +838,11 @@ descr: WhiteHat Inc. remarks: tampers with RIR data country: EU +aut-num: AS52048 +descr: DataClub S.A. +remarks: location pinning to LV +country: LV + aut-num: AS52423 descr: Data Miners S.A. ( Racknation.cr ) remarks: ISP located in CR, but some RIR data for announced prefixes contain garbage @@ -898,6 +908,11 @@ descr: SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage country: TR +aut-num: AS58057 +descr: Securebit AG +remarks: ... who thinks messing with country codes galore is fun. We can do that, too, and pin their location to CH, since this at least is their accurate jurisdiction. +country: CH + aut-num: AS58061 descr: Scalaxy B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -1398,16 +1413,16 @@ descr: NETBUDUR TELEKOMUNIKASYON LIMITED SIRKETI remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage country: TR -aut-num: AS202920 -descr: DataClub S.A. -remarks: another shady customer of "DDoS Guard Ltd." -country: RU - aut-num: AS203038 descr: QuxLabs UG remarks: traces back to SE country: SE +aut-num: AS203557 +descr: DataClub S.A. +remarks: location pinning to NL +country: NL + aut-num: AS203576 descr: Onur Ekren remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage @@ -1663,6 +1678,11 @@ descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garbage country: RU +aut-num: AS212738 +descr: LUSOVPS UNIPESSOAL LDA +remarks: ISP located in PT +country: PT + aut-num: AS212962 descr: Quality Area Ltd. remarks: traceroutes dead-end somewhere near Crimera, UA @@ -1723,6 +1743,11 @@ descr: 68 MEDIA S.A. remarks: Fake offshore location (PA), traceroutes dead-end near Moscow, RU country: RU +aut-num: AS327790 +descr: Wirels Connect (PTY) Ltd +remarks: AS being announced out of PT +country: PT + aut-num: AS328383 descr: xTom Limited remarks: ISP located in ZA, RIR data for announced prefixes contain garbage @@ -1923,6 +1948,16 @@ descr: Vodafone US Inc. remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data) country: ES +net: 51.79.128.0/17 +descr: OVH Singapore PTE. LTD +remarks: Accurate country code missing due to ARIN DB situation +country: SG + +net: 51.161.128.0/17 +descr: OVH Australia PTY LTD +remarks: Accurate country code missing due to ARIN DB situation +country: AU + net: 85.202.80.0/24 descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to US @@ -1983,6 +2018,11 @@ descr: Cyber Telecom ISP remarks: Despite being allocated to AF, traceroutes end in NL country: NL +net: 103.178.35.0/24 +descr: Stella IT +remarks: ... they think allocating networks to AQ is funny. Yes, we think that's funny, too. :-/ +country: AP + net: 103.197.148.0/22 descr: I.C.S. Trabia-Network S.R.L. remarks: fake offshore location (HK), traces back to MD @@ -2028,6 +2068,16 @@ descr: PSINet, Inc. (PSI) / Cogent Communications remarks: Cogent IP range used in Europe, according to ARIN whois ("COGENT-EUROPEAN-OPERATIONS-001") country: EU +net: 139.99.128.0/17 +descr: OVH Australia PTY LTD +remarks: Accurate country code missing due to ARIN DB situation +country: AU + +net: 139.99.0.0/17 +descr: OVH Singapore PTE. LTD +remarks: Accurate country code missing due to ARIN DB situation +country: SG + net: 141.98.82.0/24 descr: Flyservers S.A. remarks: fake offshore location (PA), traces back to RO @@ -2317,8 +2367,3 @@ net: 2a0e:b101:3000::/40 descr: 4b42 UG (haftungsbeschränkt) remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ country: DE - -net: 2a0f:e400:3000::/40 -descr: Kevin Buehl -remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ -country: CH diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 7164673..0c600dd 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -380,12 +380,6 @@ remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this networ country: EU drop: yes -aut-num: AS212738 -descr: LUSOVPS UNIPESSOAL LDA -remarks: IP hijacker located in PT -country: PT -drop: yes - aut-num: AS213058 descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU @@ -398,12 +392,6 @@ remarks: Hijacked AS being announced out of RU country: RU drop: yes -aut-num: AS327790 -descr: Wirels Connect (PTY) Ltd -remarks: Hijacked AS being announced out of PT -country: PT -drop: yes - aut-num: AS328543 descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region @@ -445,16 +433,6 @@ remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." spac country: US drop: yes -net: 154.73.248.0/22 -descr: Wirels Connect (PTY) Ltd -remarks: Most likely stolen AfriNIC IPv4 space -drop: yes - -net: 161.123.0.0/16 -descr: Wirels Connect (PTY) Ltd -remarks: Most likely stolen AfriNIC IPv4 space, already SBL'ed (SBL547511), not a safe area to accept traffic from -drop: yes - net: 195.133.20.0/24 descr: Tribeka Web Advisors S.A. remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to @@ -467,6 +445,11 @@ remarks: Stolen AfriNIC IPv4 space announced from NL? country: NL drop: yes +net: 2a0e:b107:17fe::/47 +descr: Amarai-Network - Location Test @ Antarctic +remarks: Tampers with RIR data, not a safe place to route traffic to +drop: yes + net: 2a0e:b107:d10::/44 descr: NZB.si Enterprises remarks: Tampers with RIR data, not a safe place to route traffic to -- 2.39.2